package com.qust.wj.controller;

import com.qust.wj.constant.ResultCode;
import com.qust.wj.result.Result;
import com.qust.wj.entity.*;
import com.qust.wj.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpSession;

/**
 * Login endpoint: passes the submitted credentials to {@link UserService} and, when a
 * user comes back, records that user in the caller's HTTP session.
 */
@Controller
public class LoginController {
    @Autowired
    UserService userService;

    /**
     * Handles {@code POST api/login}.
     *
     * <p>Review notes for this handler:
     * <ul>
     *   <li>{@code @CrossOrigin} is used without arguments, so Spring's default origin
     *       policy for the annotation applies to this endpoint. Confirm whether a global
     *       CORS configuration narrows it to the front-end's origin.</li>
     *   <li>The session passed in is reused as-is after a successful login; no session-id
     *       rotation is visible here. Unless a filter elsewhere does it, rotate the id
     *       (for example via {@code HttpServletRequest#changeSessionId()}) before marking
     *       the session authenticated, to guard against session fixation.</li>
     *   <li>The whole {@code User} entity is stored under {@code "user"}. If that entity
     *       carries a password or password hash, consider storing only an id or a
     *       credential-free view (to be confirmed against the entity).</li>
     *   <li>Password verification happens inside
     *       {@code UserService#selectByUserNameAndPassword}; hashing and comparison are
     *       not visible from this class. No attempt throttling is visible here either.</li>
     * </ul>
     *
     * @param requestUser credentials bound from the request body
     * @param session     the caller's HTTP session; receives the {@code "user"} attribute on success
     * @return a {@code Result} with {@code ResultCode.SUCCESS} when the service returns a user,
     *         otherwise one with {@code ResultCode.PASSWORD_ERROR}
     */
    @CrossOrigin
    @PostMapping(value = "api/login")
    @ResponseBody
    public Result login(@RequestBody User requestUser, HttpSession session) {
        // An earlier version HTML-escaped the username here (HtmlUtils.htmlEscape) as an
        // XSS measure; that step is disabled and the value goes to the service unchanged.
        User matchedUser = userService.selectByUserNameAndPassword(requestUser);

        // A single failure code is returned whenever the lookup yields nothing.
        if (matchedUser == null) {
            return new Result(ResultCode.PASSWORD_ERROR);
        }

        // Mark the session as authenticated by attaching the matched user.
        session.setAttribute("user", matchedUser);
        return new Result(ResultCode.SUCCESS);
    }
}
